- Aug 12, 2013
Discovered by our team yesterday while searching on a V.I.P section of some "black" forums.
A new exploit has been found on Skype.
We have tried it; here is how it works and how to prevent it.
A little managed tool accesses the Skype process on the black computer and injects some libraries into the Skype process.
After that, the black computer establishes a connection with as many users as possible in a group (creation of a group conversation).
After that, the hacker launches the Skype "call" script with the help and modifications of this "black" library, and when a user opens the conversation while the call is being launched (switching from another conversation to the group conversation), their Skype crashes instantly and an "Abracadabra.exe" file is created in the Temp folder and moved to System32.
After that, it's impossible for the user to launch Skype again. Skype keeps crashing on login (probably a library is infected and used by Abracadabra.exe).
We have looked into how to prevent this attack. First, we successfully prevented the attack by checking this option in the Skype options.
But, regardless, we recommend that you never join a conversation with more than 20+ people that you don't know.
If your Skype keeps crashing, please uninstall it, do a full scan of your System32 folder and install it again, but never return to the conversation window.
We didn't see any outgoing TCP/UDP connection from Abracadabra.exe; we removed it without problems by unchecking it from start-up and renaming the file.
For now, we have cleaned the virtual machine, checked our main machines and sent a mail to Skype with this exploit. We have chosen to share this file and exploit only with Skype, Avast, Kaspersky(Fr) and ESET to prevent all malicious use.
Checking this option in Skype is also recommended to block the Skype IP resolvers that others can use to get your IP address and attack you with a denial of service (DDoS).
I will post in this thread when we receive any replies from Skype.
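A read-only host check for the artefacts this post names (the "Abracadabra.exe" file in Temp or System32 and its start-up entry), as an added example that is not part of the original post. The function names are hypothetical, the file name is the only indicator taken from the post, and SysWOW64 is included on the assumption that a 32-bit Skype process writing to System32 on 64-bit Windows would be redirected there.

```powershell
# Added example: read-only triage, nothing is deleted or renamed.
# The only indicator used is the file name given in the post.
$IndicatorName = 'Abracadabra.exe'

# Folders named in the post, plus SysWOW64 (assumption: WOW64 redirects
# 32-bit writes aimed at System32 on 64-bit Windows to this folder).
$SearchRoots = @(
    $env:TEMP,
    (Join-Path $env:SystemRoot 'Temp'),
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

function Find-IndicatorFile {
    param([string]$Name, [string[]]$Roots)
    foreach ($root in $Roots) {
        if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Filter $Name -File -Recurse -Force `
                      -ErrorAction SilentlyContinue |
            ForEach-Object {
                # The hash can be handed to an AV vendor or checked later.
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                                     -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path        = $_.FullName
                    Created     = $_.CreationTime
                    LastWritten = $_.LastWriteTime
                    SHA256      = $hash.Hash
                }
            }
    }
}

function Find-IndicatorAutostart {
    param([string]$Name)
    # Win32_StartupCommand lists Run-key and Startup-folder entries.
    Get-CimInstance -ClassName Win32_StartupCommand |
        Where-Object { $_.Command -like "*$Name*" } |
        Select-Object Name, Command, Location, User
}

$files     = @(Find-IndicatorFile -Name $IndicatorName -Roots $SearchRoots)
$autostart = @(Find-IndicatorAutostart -Name $IndicatorName)

if ($files.Count -eq 0 -and $autostart.Count -eq 0) {
    Write-Output "No '$IndicatorName' file or start-up entry found."
} else {
    $files     | Format-List
    $autostart | Format-List
}
```

Run it from an elevated PowerShell session so the system folders are fully readable; a file found only under Temp suggests the move to System32 did not complete.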